Data Protection Policy

Written By Ali SEGHIR – CCO
Creation Date August 2023
Validated By Masraf Board of Directors
Last Update Date November 2023
I. INTRODUCTION – SCOPE
The following Policies and Procedures are derived from the European Union’s General Data Protection Regulations and put in place by Masraf to enforce the protection of our clients’ personal data regarding:
• Processing of personal data.
• Transfer of personal data.
• Secure storage of personal data.
• The execution of automated processing of personal data.
The applicable regulatory requirements are namely that of EU Regulation 2016/679 “General Data Protection Regulations” (“GDPR”) transposed into Dutch law: Algemene Verordening Gegevensbescherming (AVG).
II. THE PROCESSING OF PERSONAL DATA
a- Purpose limitation – data minimization
All data requested by Masraf from our users will be relevant and limited to what is necessary for both parties to enter a legitimate Business Relationship. We are committed to data minimization, to avoid the over capture of data.
b- Conditions for consent
a) Where processing is based on consent, Masraf shall be able to demonstrate that the data subject has consented to processing of his or her personal data. In relation to the processing of the personal data of persons less than 18 years old, note that Masraf shall not onboard any minor.
b) If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent for a specific matter shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.
c) Consent can be by a written statement, including by electronic means, or an oral statement (where having positively identified the data subject, a record of which should be kept by Masraf). Silence, pre-ticked boxes or inactivity will not constitute consent.
d) The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof.
e) Consent should be freely given by the data subject. Utmost care should be taken as to whether the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
c- Accuracy of data
Incorrect data that has been received by MASRAF will be erased or rectified without delay to ensure that all processed data remains accurate and without error.
This policy is also relevant for data that requires periodic updating (i.e., Proof of Address) or if a data item becomes outdated/expired (i.e., Proof of Identification).
d- Storage limitation
Customer data should be stored for no longer than 5 years after the relationship has ceased. Captured data will be stored no longer than is legally or operationally required.
e- Integrity & confidentiality
Archived digital and physical personal data will always be protected against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
f- Accountability
Access to Personal Data will be recorded to ensure that any unauthorized access can be detected, and accountability and responsibility can be assigned to the relevant party.
g- Legal obligation to process data
As MASRAF offers financial services to individuals in the public, we have a legal obligation to request personal data to verify the true legal identity of the natural person / corporate identity as well as other relevant data points. All data is requested prior to entering a business relationship.
III. LEGAL RIGHTS OF THE DATA SUBJECT
All participating individuals will have the right to request access to their data. This request can be submitted for a variety of reasons. MASRAF has outlined ways in which natural persons can gain access to certain personal data, in a controlled and timely manner.
a- Personal data capture transparency
For a customer to be successfully onboarded they will have to complete a series of questionnaires and provide information to verify their Identity, physical address and potentially some financial information. All information will be compiled into a Customer Identification File (CIF). Upon capture of personal information, MASRAF discloses the following:
• Contact Details of the Company.
• The Legal necessity for the capture of this data.
• The Period of which the personal data will be stored.
• The right to request access to the data captured for:
o Rectification
o Deletion
• The right to lodge a complaint with a supervisory authority.
• The disclosure of any automated decision making based on submitted data (i.e., risk-based scoring for the customer profile).
• State that this data is for internal compliance purposes only.
b- Rights of access
The data subject has the right to obtain access to the personal data they have submitted and to receive confirmation of the reason their data is being processed. The following information will be provided on request:
• The reason and purpose of the data that is captured.
• The Period of which the personal data will be stored.
All Personal information captured by MASRAF is declared by the data subject. Upon completion of the registration process, MASRAF customers will be able to log into their website and access all this personal information via their “Profile Page”.
c- Right to rectification
MASRAF users will be able to edit and rectify all submitted personal data at their own discretion by accessing their profile page within the Masraf website or mobile application. However, it must be noted that rectifications are subject to a review by a compliance officer to ensure the legitimacy and accuracy of the personal data captured. Additional information may be requested once an individual has rectified a personal data item.
d- Right to erasure
As MASRAF offers financial services, the legal requirements to store physical and digital data override any requests to delete submitted data prior to the 5-year archiving period. This is clearly stated within the onboarding procedure, prior to entering a business relationship with MASRAF.
IV. PROCESSING PERSONAL DATA
The processing of personal data is described as any process or operation that involves the usage/transference of personal data. Masraf’s sole processing activity commences upon the submission of personal data by the data subject. This information is compiled and archived by means of an automated technology that was built and maintained in house and therefore is the sole processor involved.
a- Record keeping
As all processing is done with a technical aid and no manual intervention, a record will be kept electronically of the data subject’s access, rectification, and addition of their personal data. Once personal data has been submitted, our software will record each field of data into its respective category within the Masraf database. Customer data should be stored for no longer than 5 years after the relationship has ceased.
b- Personal data processing register
Masraf undertakes to keep a register of processing activities.
Masraf is responsible for ensuring that any new processing is recorded in the register with relevant background information on the processing.
c- Secure processing
As aforementioned, all processing is done within our technical systems. Our IT Security Policy is based around the PCI DSS framework to ensure the highest standard of Technical and Access security is enforced by MASRAF.
IT SECURITY POLICY OVERVIEW
• Secure Network and Systems
• Secure Access to Networks
• Protecting Stored Cardholder Data (Personal Data)
• Secure Cardholder Data Across Open, Public Networks
• Protection Against Malware
• Secure Web-Based and Mobile Applications
• Strong Access Control
• Authentic Access to Internal Systems
• Restricted Physical Access
• Monitor Access
• Test Security
• Maintenance of IT Security Policy
d- Personal data breach (PDB)
A personal data breach is described as a breach in security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, personal data. Masraf exercises the highest standard of data security to mitigate this risk as much as possible; however, impenetrable security is never guaranteed. The following policies are outlined to ensure a timely and effective response in the event of a personal data breach.
Notifying the supervisory authority / third party
After becoming aware of a Personal Data Breach, Masraf will without undue delay notify the applicable Supervisory Authority / Third party based on the member state that best observes the rights and freedoms of the data subjects affected by the breach. When notifying the supervisory authority, the following will be expressed (if possible):
• The nature of the personal data breach.
• The nature of the data that was compromised.
• The number of data subjects affected.
• Possible consequences of breach.
• What immediate action was taken to counter the breach.
• Name and contact details of the data protection officer.
All information will be submitted and recorded without undue delay. If this period exceeds 72 hours, further explanation will be provided.
Notifying the data subject
If a PDB occurs, all affected data subjects will be promptly notified to minimize any adverse effects that could be caused by the breach.
As Masraf provides financial services, all personal data breaches will be considered high risk.
The communication will clearly express the following:
• Possible consequences of breach.
• What immediate action was taken to counter the breach.
• Name and contact details of the data protection officer.
Scenarios where the data subject is not obliged to be notified:
• A breach occurred but the sensitive data was not compromised due to the use of encryption, truncation, masking, hashing or any other data defence material.
V. ROLES AND RESPONSIBILITIES
a- Data Protection Officer (DPO)
Should you have any queries regarding the application of this procedure, or you would like to raise any suspicions of any nature, please contact the designated DPO:
Name Ali SEGHIR
Email ali@masraf.fr
Mobile +971551103940
b- Masraf Board
Responsible for approval of IT security policies. Control of employee’s system access, the domains they can access.
Maintenance of the Server room.
c- Head of Operations
Overall enforcement of security policies. Training of Staff. The semi-annual audit of the policies and implementation of new security measures. The first responder to any incident that causes the technological infrastructure to be compromised.
Correspondence with data subjects
VI. CODE OF CONDUCT
Masraf has outlined a code of conduct to encourage the proper application of safeguarding processes in terms of Personal Data Capture and Processing. This code of conduct will apply to all current practices and should be considered when a new process is being designed to ensure future compliance with all GDPR and PCI DSS Regulations.
1. All processing of personal data should be done in a transparent manner.
2. Collecting of Personal Data must be done with the Data Subject’s consent, and the Data Subject must be made fully aware of the purpose of capturing this data.
3. Efforts should be made to ensure Data Subjects are aware of their rights and freedoms.
4. No data of persons under the age of 18 should be processed.
5. Data Subjects need to be notified if a harmful data breach occurs.
6. Controls and safeguards should be put in place to avoid all unauthorized access as best as possible.
7. Ensure that all personal data security is fully PCI DSS Compliant.
8. Yearly training should be given to all employees who are involved in the control or processing of personal data, to ensure the most contemporary measures are applied.
VII. PERSONAL DATA TRANSFER (3RD COUNTRIES)
The transfer of personal data should be given the utmost care, to prevent access from unauthorized parties and to ensure the ongoing integrity of the data that has been transferred. Therefore, when transferring data, a full adequacy review of the destination should be undertaken and only if the destination’s standards match that of the original controller should the data be transferred. This risk is compounded when transferring data to 3rd Countries and therefore requires more stringent measures.
Refer to the EU website to view a contemporary list of “3rd countries”.
https://ec.europa.eu/food/animals/movement-pets/eu-legislation/listing-territories-and-third-countries_en
a- Adequacy criteria
• General climate of the Country in question
o Rule of Law – Human rights, fundamental freedoms
o The Political and Legislative regulation
 Focus on Personal Data Protection Laws
o The presence of Supervisory Authorities
 Compliance and Enforcement
o Presence of sanctions and adverse media
These reviews should be periodic as the political and therefore legislative climate of the country is ever changing.
b- Transfer safeguards
To safeguard against any misuse or unauthorized use of personal data that has been transferred, one or more of the following safeguards should be enforced.
• A legally binding standard data protection agreement between both entities.
• A binding commitment to replicate Data protection principles of Masraf.
o Proof of the application of these principles
• Approval and advice from a Supervisory Authority.
o Can be in the form of an approval code.
• An approval certificate from a third country Supervisory Authority that has adequate enforcement rights regarding data subjects’ rights and freedoms.
VIII. COOKIE POLICY
a- Introduction
Masraf may use cookies, web beacons, tracking pixels, and other tracking technologies when an individual visits our website, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the “Site”) to help customize the Site and improve your experience. We reserve the right to make changes to this Cookie Policy at any time and for any reason. Any changes or modifications will be effective immediately upon posting the updated Cookie Policy on the Site, and individuals will not receive specific notice of each such change or modification.
Users are encouraged to periodically review this Cookie Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Cookie Policy by your continued use of the Site after the date such revised Cookie Policy is posted.
b- Use of cookies
A “cookie” is a string of information which assigns a user with a unique identifier that MASRAF stores on your computer. Your browser then provides that unique identifier to MASRAF each time you submit a query to the Site. We use cookies on the Site to, among other things, keep track of services individuals have used, record registration information, record an individual’s user preferences, keep them logged into the Site, facilitate purchase procedures, and track the pages they visit.
c- Types of cookies
The following types of cookies may be used on the MASRAF Website:
Advertising cookies
Advertising cookies are placed on an individual’s computer by advertisers and ad servers to display advertisements that are most catered to the specific individual. These cookies allow advertisers and ad servers to gather information about users’ visits to the Site and other websites, alternate the ads sent to a specific computer, and track how often an ad has been viewed and by whom. These cookies are linked to a computer and do not gather any personal information about MASRAF Users.
Analytics cookies
Analytics cookies monitor how users reached the Site, and how they interact with and move around once on the Site. These cookies let us know what features on the Site are working the best and what features on the Site can be improved.
Our cookies
Our cookies are “first-party cookies” and can be either permanent or temporary. These are necessary cookies, without which the Site won’t work properly or be able to provide certain features and functionalities. Some of these may be manually disabled in your browser but may affect the functionality of the Site.
Personalization cookies
Personalization cookies are used to recognize repeat visitors to the Site. We use these cookies to record your browsing history, the pages you have visited, and your settings and preferences each time you visit the Site.
Security cookies
Security cookies help identify and prevent security risks. We use these cookies to authenticate users and protect user data from unauthorized parties.
Site management cookies
Site management cookies are used to maintain an individual’s identity or session on the Site so that they are not logged off unexpectedly, and any information that is entered is retained from page to page. These cookies cannot be turned off individually, but all cookies can be disabled in your browser.
Third-party cookies
Third-party cookies may be placed on your computer when you visit the Site by companies that run certain services we offer. These cookies allow the third parties to gather and track certain information about you. These cookies can be manually disabled in your browser.
d- Control of cookies
Most browsers are set to accept cookies by default. However, individuals can remove or reject cookies in your browser’s settings. We make our users aware that such action could affect the availability and functionality of the Site.
For more information on how to control cookies, check your browser or device’s settings for how you can control or reject cookies, or visit the following links:
e- Other tracking technology
In addition to cookies, Masraf may make use of web beacons, pixel tags, and other tracking technologies on the Site to help customize the Site and improve our user’s experience. A “web beacon” or “pixel tag” is a tiny object or image embedded in a web page or email. They are used to track the number of users who have visited pages and viewed emails and acquire other statistical data. They collect only a limited set of data, such as a cookie number, time and date of page or email view, and a description of the page or email on which they reside. Web beacons and pixel tags cannot be declined; individuals can elect to minimize/limit their usage.
